Introduction

This article is part of a series:

  1. Big front-end era: using containers to explore the open source Golang microservice template project
  2. FEer talks about the beginning of Podinfo, a 12 Factor-App Go microservice
  3. Big front-end era: FEer talks about building the 12factor-App Go microservice project Podinfo on K8S from 0 to 1, hands-on
  4. Big front-end era: FEer talks about the 12factor-App Go microservice project Podinfo on K8S with cert-manager and Let’s Encrypt, hands-on

What is Traefik?

Traefik, The Cloud Native Edge Router

Traefik is a modern HTTP reverse proxy and load balancer for easy deployment of microservices.

This article on Digg by think123 gives a good explanation of Traefik usage: Why did I choose Traefik2 as my gateway?

Preparation

Helm V3

Make sure you have Helm V3 installed. The previous article described how to install it -> Helm V3 installation.

# Check the version number
helm version
# version.BuildInfo{Version:"v3.0.1", GitCommit:"7c22ef9ce89e0ebeb7125ba2ebf7d421f3e82ffa", GitTreeState:"clean", GoVersion:"go1.13.4"}

Traefik v2 helm chart values.yaml

GitHub repository: Traefik-helm-chart

The chart's values.yaml has many configuration details that you can explore. At the very least, there could be an article on it later (there are so many things related to microservices).

Here I simply configure:

traefik-v2-chart-values.yaml

service:
  type: ClusterIP

ingressRoute:
  dashboard:
    enabled: false

nodeSelector:
  kubernetes.io/hostname: k8s-master-1

ports:
  web:
    hostPort: 80
  websecure:
    hostPort: 443
  traefik:
    port: 8080
    hostPort: 8080
    exposedPort: 8080
    expose: true

additionalArguments:
  - "--serversTransport.insecureSkipVerify=true"
  - "--api.insecure=true"
  - "--api.dashboard=true"

CloudFlare Configuration (you may not need it)

Configure the SSL/TLS encryption mode:

Configuring Page Rules

Add Traefik v2 helm chart

helm repo add traefik https://containous.github.io/traefik-helm-chart
helm repo update # Update the repository

Helm V3 deploys Traefik V2

helm install traefik traefik/traefik -f traefik-v2-chart-values.yaml -n kube-system
# helm uninstall traefik -n kube-system # Uninstall Traefik

OK, Ready!!!!!!

Deploy the Traefik dashboard

Resolving the domain name

Here I point traefik.cloud-fe.com at my K8S cluster.

In the previous article the domain name was already connected to CloudFlare, so:

Issue the certificate in kube-system

Configuring the Certificate was covered in the previous article.

So:

kubectl apply -f cloudfe-certificate.yaml -n kube-system

View the certificate in kube-system

kubectl describe Certificate -n kube-system

Deploy the dashboard IngressRoute

traefik-dashboard-ingress-route.yaml is as follows:

apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
  name: traefik-dashboard-route
spec:
  entryPoints:
    - websecure
  tls:
    secretName: cloudfe-cert-tls
  routes:
    - match: Host(`traefik.cloud-fe.com`)
      kind: Rule
      services:
        - name: traefik
          port: 8080

Apply the configuration

kubectl apply -f traefik-dashboard-ingress-route.yaml -n kube-system
# kubectl delete -f traefik-dashboard-ingress-route.yaml -n kube-system

Access the dashboard

traefik.cloud-fe.com

Perfect deployment.

Restrict dashboard access with the Traefik BasicAuth middleware

For details, see the BasicAuth documentation.

Configure the Secret

The password must be an MD5, SHA1, or BCrypt hash.

For example, here I use htpasswd to generate a hash for username cloudfe and password cloudfe123.

htpasswd -nb cloudfe cloudfe123
# cloudfe:$apr1$ETFHyV73$hzz88wP7TNSWhCDByD1VT0

traefik-authsecret.yaml is as follows:

apiVersion: v1
kind: Secret
metadata:
  name: traefik-authsecret
type: Opaque
stringData:
  users: cloudfe:$apr1$ETFHyV73$hzz88wP7TNSWhCDByD1VT0

Configure the BasicAuth middleware

traefik-basic-auth.yaml is as follows:

apiVersion: traefik.containo.us/v1alpha1
kind: Middleware
metadata:
  name: traefik-basic-auth
spec:
  basicAuth:
    secret: traefik-authsecret

Configure the IngressRoute again

traefik-dashboard-ingress-route.yaml is as follows:

apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
  name: traefik-dashboard-route
spec:
  entryPoints:
    - websecure
  tls:
    secretName: cloudfe-cert-tls
  routes:
    - match: Host(`traefik.cloud-fe.com`)
      kind: Rule
      services:
        - name: traefik
          port: 8080
      middlewares:
        - name: traefik-basic-auth

Apply the configuration

kubectl apply -f traefik-authsecret.yaml -n kube-system
kubectl apply -f traefik-basic-auth.yaml -n kube-system
kubectl apply -f traefik-dashboard-ingress-route.yaml -n kube-system

Revisit the dashboard

traefik.cloud-fe.com

See? You have to be authenticated to access it.

Reference & Thanks

  • Traefik official document
  • Traefik Chinese document
  • traefik-helm-chart
  • Why do I choose Traefik2 as the gateway?
  • Understand the use of Traefik2.1